Robot 'guard dog' protects Wi-Fi setups

LAS VEGAS--A strange two-wheeled creature
was skimming through the halls of the Alexis Park Hotel on Sunday--a
robot that sniffs out network vulnerabilities.

Created by two members of a loose association of security experts called the Shmoo Group, the robot is designed to wheel around on its own detecting and reporting the security problems of Wi-Fi wireless networks.

"The point of the hacker robot is that it can become an autonomous
hacker droid," said Paul Holman, the robot's co-designer, who
demonstrated it for the first time at the DefCon
hacker convention here. "It can get in close to the network. On the
offensive side, it can be used for corporate or political espionage. On
the defensive side, it can be used for network vulnerability
assessment."

The prototype robot, which has not been named, may be the first
creature designed for this purpose. Holman and hardware engineer Eric
Johanson hope to sell custom versions of the unit to government
agencies and businesses that are worried about the security of their
own wireless networks or that hope to break into someone else's. Holman
and Johanson have not yet set a price.

Wi-Fi setups are exploding in popularity in corporate America, but
according to Johanson, they frequently introduce security
vulnerabilities into a company's larger network.

"The biggest hole right now is wireless networks," Johanson said.
"You don't know what the coverage of your wireless network is. It's
variable, depending on the antennas being used by the guys on the
outside. Everyone's deploying wireless networks. And it's very
difficult to make them secure."

In its prototype version, the robot weighs about 40 pounds, can reach a
speed equal to that of a fast walk and can roll around for three hours
at a stretch before using up its power supply. It uses one 802.11b card
to eavesdrop on a wireless network and a second card as a control
channel to communicate with its owner. Two batteries--a sealed lead
acid pack for the electronics and a nickel metal hydride pack to drive
the wheels--provide power.

Currently, Holman said, the robot can sniff out passwords sent through protocols such as Telnet and POP,
the post office protocol used for e-mail. Its designers said they're
still working on the autonomous capabilities--including sensors to
detect humans and obstacles--and so they used a game controller that's
attached to a laptop in a backpack to maneuver the robot around DefCon.

Johanson suggested that his robot could be a cheap network guard
dog. "If they can just plug this thing in and have it roam around their
wireless network, it's a more cost-effective way than having a human do
it."